Adobe to Release Patch for Black Hat Flaw Aug. 19
Adobe Systems announced that on Aug. 19 it will patch a flaw in Reader revealed at the Black Hat security conference in an emergency update.
The update will cover critical bugs affecting Adobe Reader and Acrobat, including one revealed by Charles Miller, principal security analyst with consulting firm Independent Security Evaluators, at the conference last month. The bug is due to an integer overflow, and can be used by attackers to compromise a system.
"Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues...and the Adobe Flash Player update as noted in Security Bulletin APSB10-16. Adobe expects to make these updates available on Thursday August 19, 2010."
According to Secunia, attackers armed with a malicious PDF file containing specially crafted TrueType font can exploit the vulnerability Miller uncovered, and users are advised not to open untrusted PDF files with the software.
After Aug. 19's out-of-band release, Adobe is currently scheduled to release the next quarterly security updates for Adobe Reader and Acrobat on Oct. 12.